±Forensic Focus Partners

Become an advertising partner

±Your Account


Username
Password

Forgotten password/username?

Site Members:

New Today: 1 Overall: 35520
New Yesterday: 6 Visitors: 162

±Follow Forensic Focus

Forensic Focus Facebook PageForensic Focus on TwitterForensic Focus LinkedIn GroupForensic Focus YouTube Channel

RSS feeds: News Forums Articles

±Latest Articles

±Latest Webinars

Metasploit Anti-Forensics

Forensic software discussion (commercial and open source/freeware). Strictly no advertising.
Reply to topicReply to topic Printer Friendly Page
Forum FAQSearchView unanswered posts
 
  

vrocco
Member
 

Metasploit Anti-Forensics

Post Posted: Mar 20, 07 00:34

Has anyone played around with the tools at : www.metasploit.com/pro...forensics/ ? I played around a bit and even wrote a quick GUI for TimeStomp.

However, I am getting some errors in both TimeStomp and Slacker that I don't understand. I don't know if I am doing something wrong or if it is the code.

I tried emailing vinnie at metasploit, but he hasn't gotten back to me yet. If anyone has experience with these tools, please email me or post here. I have a GUI for Slacker ready to go as well, I just need to get these errors worked out.

Thanks!  
 
  

skip
Senior Member
 

Re: Metasploit Anti-Forensics

Post Posted: Mar 22, 07 18:50

- vrocco
Has anyone played around with the tools at : www.metasploit.com/pro...forensics/ ? I played around a bit and even wrote a quick GUI for TimeStomp.

However, I am getting some errors in both TimeStomp and Slacker that I don't understand. I don't know if I am doing something wrong or if it is the code.

I tried emailing vinnie at metasploit, but he hasn't gotten back to me yet. If anyone has experience with these tools, please email me or post here. I have a GUI for Slacker ready to go as well, I just need to get these errors worked out.

Thanks!


The folks at metasploit have individual blogs you could look there.
And the folks that release BackTrack (has the metasploit framework and the anti-forensic tools on it) have a forum.
You could join that forum and ask there as well.
forums.remote-exploit.org

I've only used timestomp. I didn't have any problems just using it and the help that came along with it....but I didn't try to do anything complicated.

good luck
skip  
 
  

debaser_
Senior Member
 

Re: Metasploit Anti-Forensics

Post Posted: Mar 30, 07 04:58

I have played with timestomp briefly, but havent made much progress with slacker. I'll give it another shot this week.  
 
  

vrocco
Member
 

Re: Metasploit Anti-Forensics

Post Posted: Apr 02, 07 23:00

I figured out my problems with Timestomp. My frontend for it is done if anyone wants to check it out. I will send it on request.

Still having problems with slacker though.

As soon as I get them worked out, I will have a frontend for that done too.  
 
  

echo6
Senior Member
 

Re: Metasploit Anti-Forensics

Post Posted: Apr 28, 07 00:29

I get the following on a few machines here when running timestomp

Error: NtSetInformationFile failed.
Error: SetFileMACE().
Error: SetMinimumTimeValues()


I had a response from Vinnie, he wasn't able to reproduce this issue on his 'puter.  
 

Page 1 of 1